Slashdot Mirror

← Back to Stories (view on slashdot.org)

iTunes DRM-Free Files Contain Personal Info

Posted by kdawson on from the musical-steganography dept.

r2k writes "Apple's iTunes Plus files are DRM-free, but sharing the files on P2P networks may be an extremely bad idea. A report published by CNet highlights the fact that the account information and email address of the iTunes account holder is hidden inside each and every DRM-free download. I checked, and I found I couldn't access the information using an ID3 tag editor, but using Notepad I found my email address stored inside the audio file itself."

25 of 693 comments (clear)

  1. Seriously... by fyngyrz · · Score: 5, Insightful

    I don't see the problem. I didn't want them to remove DRM so I could ignore the copyright on the music, I wanted them to remove it so I could use it on any device I wanted to listen to it on. They did that; now I can, as far as I'm concerned, we're all good now.

    If you interpret the lack of DRM as permission to ignore copyright, and you end up in trouble because you did so...

    Nope, don't see the problem.

    ....sharing the files on P2P networks may be an extremely bad idea

    Good grief. "Sharing" copyrighted music files on a P2P network was always an extremely bad idea. If you ever had any fraction of an excuse for doing it (and frankly, I don't really think you did, but...) it is gone now, at least as far as iTunes purchases go. What has changed is it is now reasonable to purchase music, because you'll actually get to own it, use it on *all* your gear, back it up, etc.

    The only thing I can think of that is really affected by this is your ability to legitimately resell recording of a tune you own, because you bought it. And for that issue, I give it.... maybe an hour before someone comes up with a tool to ZOT that name and email address right out of there. Maybe it'll even put the new one in. Pride of ownership and all that.

    --
    I've fallen off your lawn, and I can't get up.
    1. Re:Seriously... by Tubal-Cain · · Score: 4, Insightful

      Agreed. This is a fairly reasonable compromise on Apple's part.

    2. Re:Seriously... by quarrel · · Score: 4, Insightful

      Oh please, if you're the copyright holder are you really paying Apple and downloading it off itunes?

      No. You're not.

      GP is correct.

      --Q

    3. Re:Seriously... by erroneus · · Score: 4, Insightful

      While I agree with you, here is the problem I have with it:

      Person A is the target
      Person B is the attacker
      RIAA is the litigious groups of assholes

      Person B decides to harm Person A. Person B knows Person A's email address. Person B modifies a bunch of MP3s to contain Person A's email address and then posts them to every torrent site imaginable. RIAA is famous for ignoring what "reasonable doubt" might suggest or imply and immediate goes into litigation. Even if it is later revealed that Person A was a victim in this scenario and is completely innocent of wrong doing, Person A just spend a LOT of money in the process. (It can be reasonably assumed that Person A spent a lot of money because without having spent money, a defendant most likely will lose.)

    4. Re:Seriously... by zachdms · · Score: 4, Insightful

      Couldn't you correlate your purchase record, or lack thereof, to validate or disprove the claims against you in that scenario?

      It seems like a quick comparative analysis there would pretty quickly mitigate *most* of that concern.

    5. Re:Seriously... by DA-MAN · · Score: 5, Insightful

      i seriously doubt that an email which can be easily changed in a file can be used as the sole grounds for pressing charges. It ma however bolster a case where a user has been tracked by IP and the files have his email too.

      As we're talking about purchased music, all Apple would have to do is lookup the record of the credit card used to purchase the song.

      So unless you always use iTunes redeemable gift cards, it's probably fairly easy to track a user definitively.

      --
      Can I get an eye poke?
      Dog House Forum
    6. Re:Seriously... by lisaparratt · · Score: 5, Insightful

      Of course there's loss, but to imply a lack of transcoding loss is a prerequisite before anyone can use it anywhere is absolute madness.

      No one who lives outside of their mum's basement cares. Really. Your average MP3 player is not hifi, and your average consumer doesn't give two shits about the quality loss.

      Also, last I checked, Steve Jobs didn't repeatedly smash your face into a MacBook keyboard whilst pointing a shotgun at your head with his free hand until you bought music from iTunes. If you don't want it, don't buy it.

    7. Re:Seriously... by paul248 · · Score: 4, Insightful

      Well, Apple could sign the file with their private key after adding your user ID. It wouldn't stop people from blanking it out, but it would securely prevent impersonation.

    8. Re:Seriously... by mstroeck · · Score: 5, Insightful

      Please... We've done blind tests with orchestra and studio musicians, and the detection rate of MP3 vs. CD on $500 studio headphones was not statistically significant. Get over it already.

    9. Re:Seriously... by paanta · · Score: 5, Insightful

      I don't think you really addressed the compromise or reasonableness aspect of this.

      Apple wants DRM free stuff and RIAA doesn't. Apple stuffs personal info in there so there will be some accountability should the file get P2P'd. Sounds like compromise to me.

      As far as reasonableness? Your scenarios sound pretty darn unlikely. Almost as unlikely as someone stealing my iPod with my contact info in it, then deliberately leaving it at the scene of a murder in order to frame me. Or maybe space aliens will steal the music on my iPod and accidentally broadcast it back to Earth. NASA will pick it up, magically determine the email address associated with it, send spooks to pick me and perform experiments on me for the rest of my life.

    10. Re:Seriously... by Schadrach · · Score: 5, Insightful

      How is a digital signature verifying that the file is the original provided by Apple iTunes DRM in any meaningful sense? It places no restrictions on the file in any form, doesn't prevent or limit it's usage, simply acts as verification: "My checksum matches the checksum that this signature says it should, therefore the file has not been changed since purchased from iTunes".

    11. Re:Seriously... by nmg196 · · Score: 4, Insightful

      Listening to music on headphones while on the train is lossy but people still do it. We can't all sit in silent rooms with reference quality speakers 6 ft in front of us and £1000 amplifiers. The quality loss is totally irrelevant as it cannot be heard under normal listening conditions by the vast majority of people.

    12. Re:Seriously... by sglewis100 · · Score: 4, Insightful

      Fair enough so long as there is no additional lossiness in the conversion.

      Why? Who cares? AAC is a valid format. They should use MP3 because more non-iPods support MP3 then AAC? Maybe they should support Ogg because it's "better" or sell music in a lossless format so that you are closer to the original.

      I kind of understood the complaint when it was DRM protected AAC "wahhh... I can't play it on my non-iPod even though that device supports AAC". Now you can. But there's no reason Apple should have to support MP3. To many, these high bitrate AAC files are superior to MP3. Have a non-AAC compatible player? Go to Amazon.com, they have a similar selection.

      There will always be a complainer until Apple releases every song ever, including bootlegs, in Ogg, MP3, AAC, Flac, and ten other formats, and change the iPod to support all of the same, and make the iPod a 3G wireless device that has a built in BitTorrent client to grab the files quicker, and they cook you dinner and do your laundry too. Maybe some of the readers here just aren't the iPod's intended audience?

    13. Re:Seriously... by sglewis100 · · Score: 5, Insightful

      If you think $500 headphones are high quality, you're sorely mistaken.

      If you think the intended audience for things like iTunes and the Amazon MP3 store DON'T think $500 are high quality, you might be the mistaken one.

    14. Re:Seriously... by Cowmonaut · · Score: 4, Insightful
      Note: My numbered rebuttals correspond to your numbered statements.

      1) Apple does negotiate with the RIAA about the terms of the DRM service that Apple has to maintain and run. I'm far from an Apple fanboy, but there have been stories over the years going off on how the DRM wasn't Apple's idea and so forth. There are even quotes of Steve Jobs saying that DRM is bad, and that guy sure as hell isn't the type to just take it. I seem to remember a Slashdot story telling of how they were forcing the RIAA to accept their terms, but over the years the opposite I admit has been more likely.

      Of course, the actual music execs have been saying for years that DRM is bad but the lawyers at the RIAA seem to be running their companies into the ground for them.

      2)The private info consists of the email address related to the account that purchased it. I do not believe it actually contains a lot of 'personal information' such as your name, or social security number, or bank account numbers. I don't personally buy DRM'd music (which means I've yet to buy an iTunes track) so I can't be 100% positive, but I'm fairly sure there would of been an article on Slashdot before given this is nothing new to iTunes.

      By the way, how is it any different than leaving a card or sticker with your name and phone number on an item in case you lose it so a good Samaritan (in the unlikely event your stuff is found by one) can return it to you? Honestly I think this is a non-argument.

      3)You're the kind of person that would put a kid in a bubble to keep him from getting hurt, but not thing of how to feed him aren't you? The 'private info' consists of an e-mail address. Your pedophile argument is no better than the morons who scream "think of the children" in politics, equally pointless and used as an exaggeration of a problem to prove your point.

      A pedophile isn't going to go track down someone by their bloody email address when they can just watch the school and pick their target in person. They wouldn't even know its a kids iPod until they found out who owned the email address, it could be a teacher's. Never mind the difficulties in actually associating a face to an email address when all you have to go by is the address itself and the fact they have an iPod.

      The scams are equally as bad. Worst case, you have someone use the email address on a few porn sites so they get some XXX spam mail. If you are a mature parent, you can deal with that easy enough and if you are a tech savvy parent it shouldn't be a problem anyways unless you don't supervise your kids online experience (which means ALL online aspects, not just browsing and IRC).

      So tell me. What would you do with my email address? How will you track me down with mine if I don't use it on Myspace? What if its only used on iTunes?

      I think people are knee-jerking a bit much.

    15. Re:Seriously... by samkass · · Score: 5, Insightful

      I think the concern is the following scenario: 1. Download from iTunes onto an iPod, 2. The iPod is stolen, 3. The tunes on the iPod are uploaded to file sharing networks, 4. I get sued by the RIAA. Of course, I think the CYA thing to do is just make sure you file a report whenever your iPod is stolen, and that should make short work of any lawsuit defense.

      --
      E pluribus unum
    16. Re:Seriously... by shark72 · · Score: 5, Insightful

      "3) Imagine how many iPods are lost at schools. How many scams can you think of that take advantage of the owner's desire to get their iPod back. Worst of all, show me a pedophile that wouldn't love to pretend to be some kid's classmate wanting to return their beloved iPod in order to lure them somewhere private. Lost iPod + email address of owner = "Meet me by the white van with tinted windows""

      Yes, won't somebody please think of the children?

      Pirates: "No good music is available onine! I'll stop pirating when the record labels wake up and embrace online distribution."

      Record industry: "Okay, our entire catalogs are online now."

      Pirates: "But now it's too expensive! Good god, do you think we're rich? I'll stop pirating when music is less than a buck a track. That's a fortune!"

      Record industry: "Okay, you win. Now by shopping around, you can find lots of music for $0.80 a track or less."

      Pirates: "But you still have that DRM which impedes my fair use rights! I'll stop pirating when DRM is dead. Until then, it's off to TPB for me."

      Record industry: "Hey, you know, you were right all along. It took us a while to realize it, but you're right. We've removed the DRM."

      Pirates: "PEDOPHILES! PEDOPHILES! YOU'RE ENCOURAGING AND ASSISTING THE KIDNAPPING OF CHILDREN! Because of this despicable act, I'm going to pirate TWICE as much music now!"

      --
      Sitting in my day care, the art is decopainted.
    17. Re:Seriously... by shark72 · · Score: 4, Insightful

      This sort of thing has been a risk for a while. For instance, your car might be stolen, then used as a getaway car for an armed bank robbery. Witnesses make note of the license plate, and the police come to your door.

      This doesn't make license plates a bad idea.

      --
      Sitting in my day care, the art is decopainted.
    18. Re:Seriously... by kithrup · · Score: 4, Insightful

      The email addresses have always been in clear-text. Even in the encrypted song files.

      Seriously, am I the only person in the entire world who runs strings or emacs on binary files just to see what might be in them?

  2. hmmm by JimboFBX · · Score: 4, Insightful

    so what happens when you send it to someone else in a "hey check out this song" kind of way, then that person is stupid and sticks it in their lime wire folder?

  3. No worries by Thanshin · · Score: 5, Insightful

    Never again buy anything related to music and you'll be safe.

    Alternatively, you can buy music in small stores, in cash. In that case, it's better to wear sunglasses and a hat. You wouldn't want anyone to discover you're one of those people who actually are paying clients of the music industry.

  4. Old News by Star_Gazer · · Score: 5, Insightful

    http://yro.slashdot.org/article.pl?sid=07/05/30/2014222

    I think it's OK. Even if I really buy from iTunes to burn a cd as gift, at that point the account info will be gone, so what's the matter?

  5. Old story by rduke15 · · Score: 5, Insightful

    This is an almost 2 year old story: Apple's DRM Whack-a-Mole (Posted by CmdrTaco on 10.06.2007 17:08)

    If it bothers you to have an identifying tag in your music files, well remove it or overwrite it.
    As far as I understand, it's stored in a standard MP4 atom.

    And if you don't know how to do it, ask Google, or try this suggestion which explains how to use AtomicParsley for windows or mac.

  6. Keep your private stuff private: keep your privacy by HumanEmulator · · Score: 4, Insightful

    So... if I keep the music I purchased for private use private, I have no privacy violation? Right?

    Also, despite the summary's between the lines implication that Apple is hiding the info from ID3 tag editors, the audio files are MPEG4. This means they don't contain ID3 tags. Since MPEG4 is based on QuickTime, a QuickTime atom editor will happily show you the tags and let you remove them.

    You could also have guessed the purchaser info was in these files based on the fact that iTunes shows it to you if you get info on a song.

  7. Reasonable compromise... by Joce640k · · Score: 4, Insightful

    Sure, so long as they make it abundantly clear that this is what they're up to.

    Is this the case? I assume it isn't, because Slashdot and others are acting all surprised about it.

    --
    No sig today...